James Evans | EduTechhttps://blogs.msdn.microsoft.com/edutech
Sr. Embedded Escalation Engineer - Azure Active Directory Embedded Engineering TeamTue, 30 Jan 2018 17:06:47 +0000en-UShourly1Script – Bulk Assign Users to Azure AD SaaS Applicationshttps://blogs.msdn.microsoft.com/edutech/cloud/script-bulk-assign-users-to-azure-ad-saas-applications/
https://blogs.msdn.microsoft.com/edutech/cloud/script-bulk-assign-users-to-azure-ad-saas-applications/#commentsTue, 20 Dec 2016 18:48:16 +0000https://blogs.msdn.microsoft.com/edutech/?p=5355Today we present a convenient PowerShell module which allows management of User Assignments to Azure AD SaaS and Web Applications. This can be quite a task for administrators so this may be a great alternative to manual assignment. Assignments can be made to users and groups, however for long term management I would recommend using Azure AD Premium to carry out operations such as this.

Pre-Requisites

If we are to assign users to a Saas App: Prepare a CSV with user UPNs populated in a single column headed: UserPrincipalName.
If we are to assign groups to a Saas App: Prepare a CSV with group ObjectID’s populated in a single column headed: ObjectID.
Assign a single User/Group access to the SaaS app via the Azure Portal.

How To:

This module leverages the existing Azure AD V2 cmdlets which make use of the Graph API.

To install the module - In PowerShell run:

Install-Module -Name AzureAD

Download the PowerShell Module which will be used to automate the permissions assignment.

Obtain information about the RoleID for the assignment operation

We will obtain the roleID which represents the type of role used for the App Assignment. You will need to supply the UPN of a user which already has been assigned access via the Azure Portal and the ObjectID of the ServicePrincipal for the SaaS App obtained earlier:

Assigning Access

In all the following User/Group Assignment commands, provide the file path to the CSV and the ObjectID of the ServicePrincipal of the SaaS app obtained earlier.
In a case where a RoleID was returned from Get-UserRoleID/Get-GroupRoleID, then also provide the RoleID GUID when assigning access to a SaaS App for the following commands with the -RoleID flag.

The CSV requires a single heading: "UserPrincipalName", and all UPNs listed below it.

Bulk remove access to Groups

This work has been built from the experience of my colleague James Evans and Dushyant Gill from the engineering team who initially blogged in regards to Azure AD Graph API and SaaS App user assignment scripts.

Hopefully this will quickly facilitate the requirement of assigning users/groups to an Azure AD SaaS Application. However, for long term management and automation we should be using dynamic assignment based on group membership which requires Azure AD Premium.

]]>https://blogs.msdn.microsoft.com/edutech/cloud/script-bulk-assign-users-to-azure-ad-saas-applications/feed/1Azure AD Synchronized Users with Password Sync are unable to change passwordhttps://blogs.msdn.microsoft.com/edutech/cloud/azure-ad-synchronized-users-with-password-sync-are-unable-to-change-password/
https://blogs.msdn.microsoft.com/edutech/cloud/azure-ad-synchronized-users-with-password-sync-are-unable-to-change-password/#commentsSun, 03 Jul 2016 02:55:46 +0000http://www.edutech.me.uk/?p=5261If you have recently started to here reports of users not being able to change there Azure AD / Office 365 Passwords then you may want to continue reading;

Previously,

If an administrator set a user to Force change password at next logon i.e. when they reset a user passwords it allowed password synchornized users tochange their cloud password and that updated password would not sync back to on-premises. This in turn caused major issues for customers who relied on password synchronization to keep passwords in sync, because it effectively allowed users to set two different passwords in two different locations.

Users that are synchronized to Azure Active Directory are unableto 'Change' or 'Update' password when 'Password Sync' is enabled and "Password Writeback" has not been enabled or configured will now receive an error message like:

"Your Organization does not allow you tochange your password on this site. Please change your password according to the method recommended by your organization, or ask your admin if you need help"

This is because we recently made a changeto only allow users that are synchronized to Azure AD and are using password sync tochange their passwords if the Password Writeback feature is available. If a customer wants to update password sync’d user passwords from the cloud, he or she must use the Password Writeback feature.

Any customer who does not want password writeback, but wants users to be able to manage their own passwords, should convert those user accounts to managed user accounts such that they are no longer synchronized from on-premises.

If you have any questions please be sure to let me know,

Thanks,
James.

]]>https://blogs.msdn.microsoft.com/edutech/cloud/azure-ad-synchronized-users-with-password-sync-are-unable-to-change-password/feed/1Microsoft Azure B2B – Visual Studio Onlinehttps://blogs.msdn.microsoft.com/edutech/administration/microsoft-azure-b2b-visual-studio-online/
Tue, 29 Sep 2015 13:59:15 +0000http://www.edutech.me.uk/?p=4211I am sure that you have heard that the Azure Active Directory Team have been hard at work and recently placed Azure AD Business to Business (B2B) in to public preview, which enables organizations to share applications & services that they currently use with external business guest / partners etc. and obtain your feedback prior to us placing this feature in to General Availability.

A common scenario in the developer world is where organizations connect Visual Studio Online with a Corporate Azure Active Directory, up until this feature release administrators have always had to manage Azure AD accounts for partners/business guests or have had to result in using Microsoft Accounts (Consumer Identities) which has always been frowned up on and for good reason to be honest, as consumer accounts should be avoided in the world of Business & Enterprise!

In this article the aim is to show you how to configure Visual Studio Online to use Azure AD accounts that are created as part of you Inviting Partners / Business Guests in to your Azure AD. If you want to read further information about the feature as a whole, please refer to the link above.

Unfortunately it is early days at this moment in time, and so this particular deployment does require a bit of a 2 step process to get your external users using Visual Studio Online.

Email: Email address for invited user.DisplayName: Display name for invited user (typically, first and last name).InviteAppID: The ID for the application to use for branding the email invite and acceptance pages.InviteReplyURL: URL to which to direct an invited user after invite acceptance. This should be a company-specific URL (such as contoso.my.salesforce.com). If this optional field is not specified, the inviting company's Access Panel URL is generated (this URL is of the form https://account.activedirectory.windowsazure.com/applications/default.aspx?tenantId=<TenantID>).InviteAppResources: AppIDs to which applications can assign users. AppIDs are retrievable by calling Get-MsolServicePrincipal | fl DisplayName, AppPrincipalIdInviteGroupResources: ObjectIDs for groups to add user to. ObjectIDs are retrievable by calling Get-MsolGroup | fl DisplayName, ObjectIdInviteContactUsUrl: "Contact Us" URL to include in email invitations in case the invited user wants to contact your organization.

Invite User Accounts

Select “Users in Partners Companies” and upload CSV File that you created previously.

End User Experience

Each of the users that you sent out an invite to will get an e-mail like the following example:

Once they click on the link, they will be taken to a page like the following example: [branding is my demo branding]

NOTE: In this scenario, you would normally configure the Reply URL to send the user to the application once accepted. In this instance I would recommend you sending the users to a static landing page stating that there account will be abled in X amount of time. The reason for this is because you will have to go and add the user to the VSO Permissions once the account has been created. Unfortunately there is no 'Sync' Between the Invite Process & VSO Group Memberships and at the moment you can't add AAD Groups to VSO Groups which would of course make it more streamlined.

Once the invite has been accepted, as a collection admin you shall now be able to go and add the e-mail ID that you invited in to the relevant VSO Group. Once this has been done, the user will now be able to login to VSO using their Work Account and access your VSO Collection.

Add Users to Visual Studio Online Collection Group

Once you have added the user to the VSO Group. They will be able to access the VSO Collection by either going directly to your *.visualstudio.com address.

I hope that this helps, it is just one of the examples Azure B2B is going to help organizations stay secure, compliant and improve the end-user experience!

If you have any questions let me know,

James.

]]>Microsoft Health and Microsoft Band comes to the U.K.https://blogs.msdn.microsoft.com/edutech/microsoft/microsoft-health-and-microsoft-band-comes-to-the-u-k/
https://blogs.msdn.microsoft.com/edutech/microsoft/microsoft-health-and-microsoft-band-comes-to-the-u-k/#respondTue, 17 Mar 2015 13:36:39 +0000http://www.edutech.me.uk/?p=3922I am sure many of you out there have been waiting for the Microsoft Band to come to the UK! Today, we announced that this is now happening and will be available from April 15th through Amazon, Currys PC World, Dixons Travel, Harrods, Microsoft Store and O2.

Microsoft Health is an opencloud-based service that helps you live a healthier lifestyle by providing actionable insights based on data gathered from the fitness devices and apps that you use every day. It is designed to work with you, no matter what phone or service you use. We’ve got some great partnerships including Runkeeper, MyFitnessPal, MapMyFitness, Microsoft Health Vault and in the U.K., we have an exciting partnership with Nuffield Health who are leaders in fitness and wellbeing. Find out more

Microsoft Band is the first device powered by Microsoft Health. Live healthier by tracking your heart rate, calorie burn and sleep quality alongside comprehensive fitness features such as on-board GPS for run and cycle tracking. It also includes Guided Workouts, which is like having a personal trainer on your wrist. In addition, the Microsoft Band helps you be more productive with calendar alerts, email previews and access to Cortana with Windows Phone3. And to make it easy to get up and running, the Microsoft Band works with the phone you already own; Windows, iOS and Android. Find out more here.

]]>https://blogs.msdn.microsoft.com/edutech/microsoft/microsoft-health-and-microsoft-band-comes-to-the-u-k/feed/0Azure Enterprise Agreement Guidance – using your existing work accounts (AAD) as oppose to Microsoft Accounts (MSA)…https://blogs.msdn.microsoft.com/edutech/aadsync/azure-enterprise-agreement-guidance-using-your-existing-work-accounts-aad-as-oppose-to-microsoft-accounts-msa/
https://blogs.msdn.microsoft.com/edutech/aadsync/azure-enterprise-agreement-guidance-using-your-existing-work-accounts-aad-as-oppose-to-microsoft-accounts-msa/#commentsMon, 16 Mar 2015 00:28:05 +0000http://www.edutech.me.uk/?p=3852As Microsoft Azure grows I am sure there are many of you out there whom may have already or are in the process of signing a new Microsoft Enterprise Agreement! I am sure most of you out there have gone through the normal motions have just gone ahead and used Microsoft Accounts (Live ID) as oppose to maybe using your existing Work Accounts (Azure AD). If you are new to signing an agreement I recommend that you consider setting things up using work accounts from the start, as oppose to using Microsoft Accounts or/ if you have already set everything up then maybe look at re-aligning your account and subscription set-up before you head in too deep!

I hope the below guidance will be of some use, and if you have any questions please be sure to reach out to me.

when you receive the e-mail to sign your new agreement (today) you will be asked to sign the agreement using a Microsoft Account and then once this has been done, this account will be the first Enterprise Admin on your Enterprise Agreement.

Once you have signed your agreement and login to http://ea.azure.com for the first time using that account, this is where you should ensure that you think about how you proceed before just going in and creating new account administrators and subscriptions.

If you are already using one of Microsoft's 1st party services such as Office 365, Dynamics CRM etc. then you will already no doubt have work accounts (AAD) and so it is recommended that you look at using these for your Enterprise Agreement. The first thing you should do is add your work account as an Enterprise Administrator (if your MSA uses the same domain namespace as your work account it will auto merge the 2 accounts together and use the work account (AAD)). If you are not overlapping the namespaces then you will need first ensure that your Enrollment Authentication Level is set to Mixed Account.

Once this has been done, select add administrator and then add your work account as an administrator, you will receive an e-mail once you click on the URL contained within it will then confirm your account and you will be added as an enterprise administrator.

Moving forward, ensure that when you add new Enterprise Administrators or/ Account Administrators you add your employees 'work accounts'. The purpose behind doing this is to give your employees a consistent experience across all the administration portals but the most important reason is because when you create an account administrator, this person can create subscriptions... when new subscriptions are created by using the work account this will ensure that the subscriptions automatically get linked to the existing azure active directory and doesn't create a new directory.

I see the following as the fundamental best practices, obvious every enterprise company is different but hopefully understanding these concepts will help..

An Account Administrator will become the Account Administrator of each subscription they create and be the initial Service Administrator.

It is good practice to ensure that your Account Administrators are 'Service Accounts' as oppose to Individuals so I would recommend you creating 3 service accounts

UserPrincipalName

Role

Purpose

aa_azure@contoso.com

Account Administrator

Individual Account Administrator for each subscription

sa_azure@contoso.com

Service Administrator

Individual Service Administrator for Each Subscription

ea_azure@contoso.com

Enterprise Administrator

EA Top Level Administrator

You can change the Service Administrator of the Subscription when it has been created to be the sa_azure@contoso.com account. to ensure that finance teams whom may have access to the account administrator role do not have administrator privileges over your resources hosted within the subscriptions.

If I was to draw this in to rough picture, it would look something like the following:

This in essence shows that your synchronize your on-premise identities to Azure Active Directory and you use this directory service for Office 365 and you also use the same directory service for your Azure Enterprise Agreement which in turn also means that for each of the subscriptions you create under the EA you will also sign-in to these using your work account. This ensures that you have a consistent, secure and manageable identity across all of your Microsoft Services.

If you are not currently a customer of any of the 1st party services, you can still create a azure active directory to ensure that you start off on the right path you can sign-up to Azure AD using http://account.windowsazure.com/organization and then you can manage that directory service using http://portal.office.com and then once you can use the directory and the accounts with-in it to structure your EA as per above. later, if you plan to use Office 365 or any of other Microsoft Online Services you can use the directory service you have already setup. you just add the subscription via purchase services in the portal.office.com.

I hope that this helps, of course every enterprise is different and so this is to give you a example. the only rule i would take away is to ensure no matter how you setup the EA ensure that you use work accounts NOT Microsoft Accounts. Microsoft Accounts aka Live IDs are consumer identities and you should avoid using these if possible in the Enterprise unless the service your attempting to use does not support work accounts.

Thanks,

James.

]]>https://blogs.msdn.microsoft.com/edutech/aadsync/azure-enterprise-agreement-guidance-using-your-existing-work-accounts-aad-as-oppose-to-microsoft-accounts-msa/feed/1Changes to Azure AD Authentication Flows – Simplicity & Consistencyhttps://blogs.msdn.microsoft.com/edutech/cloud/changes-to-azure-ad-authentication-flows-simplicity/
https://blogs.msdn.microsoft.com/edutech/cloud/changes-to-azure-ad-authentication-flows-simplicity/#respondSat, 07 Mar 2015 02:56:12 +0000http://www.edutech.me.uk/?p=3721I thought I would post this up here for the regular readers, a colleague of mine whom is a Program Manager over in the Cloud Authentication Services Team recently wrote an article, rather than duplicating effort! have a read below this is especially important to you developers out there whom maybe wondering about some of the changes...

We've now made a simplification in our service to remove all those redirects. All authentication requests can now be served directly by https://login.microsoftonline.com end-to-end. To see it in action, open an InPrivate tab and try this link (which will send you to a non-existent "directory searcher" app after sign in):

The sign-in user experience includes several new features. Examples are the ability to maintain multiple actively signed-in users and a more responsive UI that behaves appropriately across more devices and screens.

We can enable a number of features in our engineering systems that will lead to an even more reliable service.

The natural question that follows - what impact does this have on your existing app? Largely, the answer is none. However, if your app makes certain assumptions about our underlying implementation it may require changes. Here are some subtle differences that you should be aware of:

The HTML markup and scripts for the new sign-in experience are significantly different even though the visual appearance may be the same. Any tests that rely on exact markup may break and need to be updated.

And in the interest of being thorough, the following items have not changed:

The behavior of both token endpoints will remain precisely the same.

The value of the "issuer" both in metadata and in tokens issued by Azure AD will remain the same – it will continue to be https://sts.windows.net/ based.

If you're creating a new application, you should use https://login.microsoftonline.com as the authority going forward. Our documentation and samples will be updated shortly to reflect the change. If for any reason you need to ship an app using https://login.windows.net going forward, please contact us before doing so – tweet us at @azuread.

For those applications currently authenticating against https://login.windows.net, we recommend making the effort to incorporate the change immediately; your users will get an improved sign in experience, and your authentication flows will be free of extra complexity.

If you have any questions feel free to reach out to us over at the @azuread twitter alias! or if I can do anything to help let me know!

Enjoy!

James.

]]>https://blogs.msdn.microsoft.com/edutech/cloud/changes-to-azure-ad-authentication-flows-simplicity/feed/0unable to verify domain name – Office 365 / Azure ADhttps://blogs.msdn.microsoft.com/edutech/administration/unable-to-verify-domain-name-office-365-azure-ad/
https://blogs.msdn.microsoft.com/edutech/administration/unable-to-verify-domain-name-office-365-azure-ad/#commentsSat, 07 Mar 2015 02:48:01 +0000http://www.edutech.me.uk/?p=3681I just wanted to a quick article about issues that I see come up quite often where you are unable to verify a domain against a Microsoft Online Service or more specifically Azure Active Directory, Today this can be down to quite a few different issues which are generally in the following buckets {be sure to read the full article before proceeding}

The domain has already been verified against Azure AD by another IT Admin within your organization, he may have left the business and you no longer have access to the tenant.

In this particular scenario you will have to contact Microsoft Support for assistance and go through a domain dispute process which support engineering teams can assist you with and unblock you from verifying your domain.

but, in many cases this could just be down to one of the following reasons and the good news is you can get things moving forward all by yourself so I hope that this will help!

If you portal UI allows you to add the domain, provides you with a record to enter in to Public DNS but then fails to verify then it's always best for you to attempt to verification using powershell as a backup before phoning Microsoft Support for assistance. In order to do this you just need to download the Microsoft Online Sign-In Assistant and Microsoft Online PowerShell Module which can be found here: http://aka.ms/aadposh

Once you have downloaded the require components and successfully installed them go ahead and launch a powershell console

If this then fails, take a sneak peak at the PowerShell MSONLINE Log Files and if you still need further guidance, ensure to attach that to the support incident as it is super helpful to the support engineering teams when investigating the problem your having. These files can be found "C:Users%username%AppDataLocalMicrosoftOffice365Powershell"

Power Bi Individual Signup

If you get the following notification:

then someone in your company has signed up for Power BI and you will first need to become and admin of that tenant that was automatically created for you. or/ if your an education establishment that a student or teacher has acquired there Office for Education eligibility and so, as the IT Admin head over to [PowerBi]https://www.powerbi.com/dashboards or [Office]https://portal.office.com/start?sku=e82ae690-a2d5-4d76-8d30-7c6e01e6022eand enter your e-mail ID. Once you have received the e-mail click on the confirmation link and complete the fields, an account for you will be created and then you can login.

Once you have done this, you will have an option to Become an Admin by clicking this link it will provide you with a record type (TXT or MX) and a value for you to add to Public DNS. Once you have done this, head back in to the portal and verify the domain.

Once you have verified the domain this will make your account a Global Admin of that tenant, you will then be able to see the users (yourself + everyone whom signed up for PowerBI) and you will be able to then make a decision as to weather you continue using this tenant that was created for you or/ removing the domain. unfortunately if you remove the domain the individuals that signed up for PowerBi will no longer have access to there data and so be sure to check with them first before proceeding.

If you have any difficulties or are not sure on how to proceed, reach out to Microsoft Support and they will be able to assist you with this process and get you moving forward without delay! if you have any issues please feel free to reach out to me.

Another topic that comes up quite often is where IT Administrators who have signed up for Microsoft Azure attempt to verify the domain against there Azure AD. If this fails, again it is likely you fall in to one of the above scenarios! but it might also mean that you genuinely are already using a Microsoft Online Service such as Office 365, Dynamics CRM or Intune which is great! but you should have signed up to Microsoft Azure using your existing work account aka organizational account and then it would have used the same Azure AD you have for the 1st party services as mentioned. If you didn't do this don't worry there is a way you can resolve this on the assumption that you signed up to Microsoft Azure using a Microsoft Account aka Live ID.

open a support incident with Microsoft and ask them to perform an Account Admin Ownership Transfer which updates you billing account admin & service admin and also changes the default directory associated to the subscription to be your existing directory.

My recommendation to you if your an enterprise is to always use work accounts aka organizational accounts try and avoid using Microsoft Accounts in the business and enterprise! remember a Microsoft Account is a consumer identity so you as a business do not have any control or management over the account [best practice].

I hope that helps, reach out to me if you have any issues!

Enjoy & Thank You!

James.

]]>https://blogs.msdn.microsoft.com/edutech/administration/unable-to-verify-domain-name-office-365-azure-ad/feed/1Script: – Bulk Assign Users to SaaS Application using Graph API & ADALhttps://blogs.msdn.microsoft.com/edutech/administration/script-bulk-assign-users-to-saas-application-using-graph-api-adal/
https://blogs.msdn.microsoft.com/edutech/administration/script-bulk-assign-users-to-saas-application-using-graph-api-adal/#commentsWed, 04 Mar 2015 01:59:33 +0000http://www.edutech.me.uk/?p=3621Assigning users permissions to access to azure active directory SaaS Applications can be quite a mundane task especially if you haven't purchased Azure Active Directory Premium which would enable you to assign permissions to a group which i would honestly recommend as a long term sustainable solution for this but if you have a requirement to bulk assign users to an application then the following might come in handy!

How to use the module

To Execute the following command you need to replace the information within the 'body' with the information of the application you wish to assign to users.

First, you need to get a list of your applications within the directory which you can do by using graph explorer and the following resource endpoint. *remember to replace 'tenant.onmicrosoft.com' with the name of your tenant.

The PrincipalID value is the User Object but in this script as we will be doing this in bulk we shall parse that value in to each request body during the ForEach Loop we do using the final command.

Download the PSM1 and place it in your chosen directory, we shall be using c:scripts as our working directory in this walkthrough which is a module that can be imported into your powershell session using the following command

Import-Module c:scriptsGraphAddUserToApplication.psm1

Once the script module has been imported, you then need to run the following function which will load in ADAL

Load-ActiveDirectoryAuthenticationLibrary

Once this has been done, you then need to set the below global variable, this will launch a window in which you will authenticate as an user whom is a global administrator in the directory in which your users and application is located.

$global:authenticationResult = Get-AuthenticationResult

Once that has been done, you can then proceed with the following command. The CSV file will have a single header called UserPrincipalName and then a list of UserPrincipalNames (i recommend you do this against a few users in the directory initially to ensure it works as expected).

Once completed, you should find that your users have now been assigned the application you wanted to assign.

The Module (functions) Explained!....

The first function Load-AzureActiveDirectoryAuthenticationLibrary first checks the presence of ADAL.Net libraries in the Nugets folder in user’s My Documents folder. If it doesn’t find the library it downloads nuget.exe from http://www.nuget.org and installs the Microsoft.IdentityModel.Clients.ActiveDirectory nuget. It then Loads the two assemblies that make up the ADAL.net SDK i.e. Microsoft.IdentityModel.Clients.ActiveDirectory.dll and Microsoft.IdentityModel.Clients.ActiveDirectory.WindowsForms.dll

The Get-AuthenticationResult function calls the AquireToken method provided by ADAL.net SDK to authenticate the user and returns the authentication results that contains the access token to access the Graph API.

The Get-AADObject function receives as input the entity type e.g. “users” or “applications”. It then constructs the entity URI and employs the Invoke-RESTMethod base PowerShell cmdlet to invoke an HTTP GET on Graph API. The function retrieves the access token from the global authentication result variable and adds an Authorization header to the REST method call. Invoke-RestMethod cmdlets does the heavy lifting of creating an HTTPClient invoking the API and converting the returned JSON into objects that the Get-AADObject emits on the PowerShell pipeline

The Get-AADObject and Get-AADObjectById generic functions do the work of calling the RESTful Graph APIs. Get-AADUser (and other Get-AAD* cmdlets in this module) are simple cmldets that leverage these generic functions. The function definition is more formal, with the parameter attribute defining whether the Id parameter is mandatory, as well as providing a HelpMessage for the parameter.

The Set-AppRoleAssignments function uses similar code from the previous functions Get-AADObject and Get-AADObjectByID but in this function we also include a body and change the graph endpoint slightly so that it send the body to the graph endpoint appRoleAssignments. This will then be used to add the user (PrincipalID) to the service principal defined by the ID and ResourceID.

This was built upon work that had already been done by Dushyant whom is a colleague that works in the Microsoft Engineering Team, further information around AADGraphPowerShell can be found over on his blog! check it out.

I hope that this comes in handy! but remember, this is ideally to help if you need to assign a bulk user set to an application quickly it isn't designed to run as an automated process to manage user assignment this should be done using Group Application Assignment which is a feature of which is part of Azure Active Directory Premium!

Enjoy, and remember Test! before using in production environment!

James.

]]>https://blogs.msdn.microsoft.com/edutech/administration/script-bulk-assign-users-to-saas-application-using-graph-api-adal/feed/8Script: – PowerShell Script to Connect to all Microsoft Online Services using one function!https://blogs.msdn.microsoft.com/edutech/administration/script-powershell-script-to-connect-to-all-microsoft-online-services-using-one-function/
https://blogs.msdn.microsoft.com/edutech/administration/script-powershell-script-to-connect-to-all-microsoft-online-services-using-one-function/#commentsWed, 04 Mar 2015 01:55:10 +0000http://www.edutech.me.uk/?p=3471Feedback that we hear every now and again,Is how much it can be a pain for IT Admins whom need to administer multiple Microsoft Online Services via PowerShell. Each service require you to use a different module or dynamic script endpoint in order for you to be able to administer that service, and for some administrators this can be a real inconvenience. This particular script (which you should ideally add to your $profile will allow you to connect to all services using 1 command and you don't even have to connect to all services each time!).

The most efficient way to manage this is to paste the following code in to a notepad, and then save it as profile.ps1 in your windows powershell directory "C:Users%username%DocumentsWindowsPowerShell" this will ensure that each time you open a powershell console, the following code is loaded and you will be able to use the functions that have been made available.

]]>https://blogs.msdn.microsoft.com/edutech/administration/script-powershell-script-to-connect-to-all-microsoft-online-services-using-one-function/feed/1Azure AD Premium – Now Available via Direct Purchasehttps://blogs.msdn.microsoft.com/edutech/microsoft/azure-ad-premium-now-available-via-direct-purchase/
https://blogs.msdn.microsoft.com/edutech/microsoft/azure-ad-premium-now-available-via-direct-purchase/#respondThu, 08 Jan 2015 02:17:25 +0000http://www.edutech.me.uk/?p=3291For those of you whom have been itching to get your hands on to Azure AD Premium Licenses but would of preferred to have purchased them on a per-month basis like you do with your Office 365, Dynamics CRM or Intune Subscriptions, the good news is you now can.

In the Office 365 Administration Portal if you click on Purchase Services you will now find Azure AD Premium is available to purchase and is payable on a per user, per month basis.

All of those amazing new features that are only available to users whom have an Azure AD Premium License can now have access to this instantly by purchasing a license as per above.

I hope that this allows you to adopt and use the great features that are available as part of the Premium License!